News Stay informed about the latest enterprise technology news and product updates.

Symantec gives its ThreatCon a makeover

Bill BrennerThere’s not a lot of passion in the security blogosphere this week over any topic in particular, but there are some nuggets worthy of note, including an announcement in the Symantec Security Response blog about a makeover for the company’s ThreatCon.

Many security organizations use a measurement system to give customers a sense of the overall security picture at a given moment. The SANS Internet Storm Center has its Infocon while IBM ISS has its Alertcon and Kaspersky Labs has its virus alert box, which gives you a picture of a peaceful hillside when malware levels are normal. There are also places where you can find several of these on one screen, such as the Computer Network Defence site. But Symantec’s ThreatCon is one of the more popular security meters.

Security Blog LogDave Cole, product management director for Symantec Security Response, says the ThreatCon now offers more insight into phishing activity, spyware and adware, spam, malicious attacks and vulnerabilities, including non-Microsoft vulnerabilities and zero-day exploits. More options have also been added so users can “explore the entire threat environment, interact with the new Attack Explorer tool, and view Symantec’s Threat Watch.”

Cole said the main goal was to make it more interactive, comprehensive and visually appealing.

I had no problem with the old ThreatCon, though I do like the changes based on what I’ve seen so far. Since there are now so many different kinds of malware and attack vectors, it makes sense to offer customers more of a breakdown. Now they can drill down deeper into the areas that pose the most risk for their companies.

Check out the new ThreatCon and share your thoughts.

More on the Firefox/Internet Explorer flaw

Mozilla updated Firefox to fix several security flaws this week, including a vulnerability connected to Internet Explorer that has caused some controversy. The controversy has centered around whether the flaw was a problem from Microsoft’s side of the fence or Mozilla’s. Both sides have appeared reluctant to own this one.

And Thor Larholm, one of the researchers who brought this problem to light, says in his blog that the Firefox update isn’t the end of the story.

“Mozilla has just released Firefox which purportedly fixes one of the attack vectors of the Internet Explorer input validation flaw that I previously detailed,” he wrote. “I will go on the record as stating that this does not actually fix the flaw in Internet Explorer, but simply patches one of the myriads of attack vectors.”

He said he can still automatically launch a wide range of external applications from Internet Explorer and provide them with arbitrary command line arguments.

As for who is most responsible for this flaw, Larholm says the assessment Mozilla put in its MFSA 2007-23 bulletin matches his thinking. Mozilla says in that bulletin, “This fix only prevents Firefox and Thunderbird from accepting bad data. This patch does not fix the vulnerability in Internet Explorer.”

Of course, Microsoft has already declared that this is not a vulnerability in a Microsoft product.

As I mentioned last week, there’s a bigger issue here than which browser the flaw came from.

People need to take care when browsing the Internet. If you are visiting porn and gambling sites or shopping online using a site that doesn’t clearly outline how the merchant is protecting your credit card data, you’re asking for trouble no matter which browser you’re using.

Some advice is worth repeating.

The Internet crash of 2007

I end this week’s column with some blogosphere buzz about a new parody video from The Onion with the following headline: “Breaking News: All online data lost after Internet crash.”

Security bloggers like Todd Towles (Thoughts of a Technocrat) and Dave Lewis (Liquidmatrix) are either linking to it or pasting it right into their blogs.

My favorite part: The dejected blogger who, after finding that all his data was gone, declared that his life is boring now and he wants to control/alt/delete himself.

About Security Blog Log: Senior News Writer Bill Brenner peruses security blogs each day to see what’s got the information security community buzzing. In this column he lists the weekly highlights. If you’d like to comment on the column or bring new security blogs to his attention, contact him at

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.